The HIPAA E-Tool
@hipaaetool.bsky.social
A comprehensive, easy-to-use web-based solution to HIPAA compliance. Protecting Patient Privacy is Our Job! Check us out at http://theHIPAAEtool.com
Stay on high alert for holiday cyber risks this month. thehipaaetool.com/holiday-cybe...
The Gift Nobody Wants: Holiday Cyber Risks Spike in December
Holiday cyber risks spike this time of year. Prepare in advance by alerting staff, installing updates, and reviewing contingency plans.
thehipaaetool.com
December 16, 2025 at 3:53 PM
Stay on high alert for holiday cyber risks this month. thehipaaetool.com/holiday-cybe...
Healthcare data breaches trigger lawsuits as well as regulatory scrutiny. Avoid expensive litigation with strong HIPAA compliance. thehipaaetool.com/a-5-million-...
A $5 Million Wake-Up Call: Geisinger Health and Nuance
The class action settlement with Geisinger Health and Nuance exemplifies that the increasing risk of HIPAA noncompliance stems from lawsuits.
thehipaaetool.com
December 3, 2025 at 2:06 PM
Healthcare data breaches trigger lawsuits as well as regulatory scrutiny. Avoid expensive litigation with strong HIPAA compliance. thehipaaetool.com/a-5-million-...
Healthcare organizations are quickly adopting artificial intelligence, but it introduces risks related to patient safety and privacy. New guidance is on the way to help navigate these challenges. thehipaaetool.com/ai-in-health...
AI in Healthcare: Beware of Cyber Risks
AI in healthcare holds promise for better patient care, greater efficiency, and innovation. But it comes with risks around safeguarding patient privacy.
thehipaaetool.com
November 19, 2025 at 7:46 PM
Healthcare organizations are quickly adopting artificial intelligence, but it introduces risks related to patient safety and privacy. New guidance is on the way to help navigate these challenges. thehipaaetool.com/ai-in-health...
A massive healthcare data breach at Conduent, Inc. will cost the company many millions. Although not a household name, Conduent, spun off from Xerox, is embedded in healthcare, banking, transportation, government, and various commercial sectors. thehipaaetool.com/conduent-fac...
Conduent Faces Mega Losses and Lawsuits
Conduent, a HIPAA business associate, was hacked, exposing the personal information of 10.5 million, and costing the company many millions.
thehipaaetool.com
November 11, 2025 at 9:08 PM
A massive healthcare data breach at Conduent, Inc. will cost the company many millions. Although not a household name, Conduent, spun off from Xerox, is embedded in healthcare, banking, transportation, government, and various commercial sectors. thehipaaetool.com/conduent-fac...
The HIPAA Security Rule can help providers better protect sensitive patient information from hackers. thehipaaetool.com/oglethorpe-d...
Oglethorpe Data Breach Affects 92,000 in Behavioral Health
Sensitive behavioral health data held by Oglethorpe was compromised in May when hackers attacked the company and accessed patient files.
thehipaaetool.com
November 7, 2025 at 3:04 PM
The HIPAA Security Rule can help providers better protect sensitive patient information from hackers. thehipaaetool.com/oglethorpe-d...
Yale New Haven Health System cuts its losses by settling a class action breach of privacy lawsuit for $18 million. This rapid settlement lets them repair their reputation and focus on security improvements to prevent future breaches. thehipaaetool.com/yale-new-hav...
Yale New Haven Health to Pay a Whopping $18M Settlement
A rapid settlement of a class action lawsuit allows Yale New Haven Health System to rebuild its reputation and strengthen its cybersecurity stance.
thehipaaetool.com
October 29, 2025 at 1:27 PM
Yale New Haven Health System cuts its losses by settling a class action breach of privacy lawsuit for $18 million. This rapid settlement lets them repair their reputation and focus on security improvements to prevent future breaches. thehipaaetool.com/yale-new-hav...
The top five HIPAA violations still plague quality healthcare organizations. thehipaaetool.com/the-top-5-hi...
The Top 5 HIPAA Violations: Avoid These to Stay Compliant
The top 5 HIPAA violations remain common among all sizes and kinds of healthcare organizations. Learn what they are and how to avoid them.
thehipaaetool.com
October 9, 2025 at 2:42 PM
The top five HIPAA violations still plague quality healthcare organizations. thehipaaetool.com/the-top-5-hi...
When the shutdown ends, hopefully soon, remember that HIPAA enforcement remains a priority under the direction of Paula Stannard, the Director of the Office for Civil Rights at HHS. thehipaaetool.com/hipaa-under-...
HIPAA Under Trump: the New Cyber Risk Reality
Maintain strong compliance because HIPAA under Trump is still a priority. Enforcement also comes from states and lawsuits protecting privacy.
thehipaaetool.com
October 1, 2025 at 5:36 PM
When the shutdown ends, hopefully soon, remember that HIPAA enforcement remains a priority under the direction of Paula Stannard, the Director of the Office for Civil Rights at HHS. thehipaaetool.com/hipaa-under-...
Today, a shutdown. But yesterday, while still functioning, the OCR announced a HIPAA settlement with Cadia Healthcare Facilities because it failed to obtain valid HIPAA authorizations from patients who posted testimonials on Cadia's website. www.hhs.gov/press-room/o...
www.hhs.gov
October 1, 2025 at 5:34 PM
Today, a shutdown. But yesterday, while still functioning, the OCR announced a HIPAA settlement with Cadia Healthcare Facilities because it failed to obtain valid HIPAA authorizations from patients who posted testimonials on Cadia's website. www.hhs.gov/press-room/o...
A HIPAA-regulated entity may not use or disclose a patient’s protected health information unless the patient agrees in advance by signing a valid HIPAA authorization. Review how it works here. thehipaaetool.com/understandin...
Understanding HIPAA Authorizations: A Quick Guide
Learn the basic rules of HIPAA authorizations. When are they required, are there any exceptions, and what are the required elements?
thehipaaetool.com
September 24, 2025 at 6:02 PM
A HIPAA-regulated entity may not use or disclose a patient’s protected health information unless the patient agrees in advance by signing a valid HIPAA authorization. Review how it works here. thehipaaetool.com/understandin...
Avoid #HIPAA violations in healthcare marketing and social media by learning three easy solutions to the top red flag concerns. thehipaaetool.com/avoid-hipaa-...
Avoid HIPAA Violations in Marketing: 3 Simple Steps
Discover how to safeguard patient privacy with these three essential steps to prevent HIPAA violations in marketing.
thehipaaetool.com
September 18, 2025 at 3:25 PM
Avoid #HIPAA violations in healthcare marketing and social media by learning three easy solutions to the top red flag concerns. thehipaaetool.com/avoid-hipaa-...
HHS has updated its HIPAA Security Risk Assessment (SRA) tool. www.healthit.gov/topic/privac...
Security Risk Assessment Tool | HealthIT.gov
www.healthit.gov
September 9, 2025 at 8:26 PM
HHS has updated its HIPAA Security Risk Assessment (SRA) tool. www.healthit.gov/topic/privac...
It's okay for providers to discuss healthcare matters with a patient's family and friends, as long as they follow some simple rules. #PatientPrivacy #HIPAACompliance #HIPAAPrivacyRule thehipaaetool.com/how-to-talk-...
How to Talk with Family and Friends Under HIPAA
Providers may talk with family and friends under HIPAA guidelines as long as the patient's wishes are respected.
thehipaaetool.com
September 8, 2025 at 2:29 PM
It's okay for providers to discuss healthcare matters with a patient's family and friends, as long as they follow some simple rules. #PatientPrivacy #HIPAACompliance #HIPAAPrivacyRule thehipaaetool.com/how-to-talk-...
OCR assumes enforcement of #Part2 substance use disorder privacy regulations. Coordinating HIPAA and Part 2 should lead to improved care; however, healthcare organizations still face challenges with siloed records inside EHR systems. #HIPAA #patientprivacy thehipaaetool.com/ocr-takes-ov...
OCR Takes Over Enforcement of Part 2 Regulations
OCR is responsible for enforcing Part 2 regulations on substance use disorder treatment, further aligning HIPAA and Part 2.
thehipaaetool.com
September 2, 2025 at 4:28 PM
OCR assumes enforcement of #Part2 substance use disorder privacy regulations. Coordinating HIPAA and Part 2 should lead to improved care; however, healthcare organizations still face challenges with siloed records inside EHR systems. #HIPAA #patientprivacy thehipaaetool.com/ocr-takes-ov...
Website pixel trackers in healthcare may violate #HIPAA and other privacy laws. The use of website trackers also invites class action lawsuits. thehipaaetool.com/mount-sinai-...
Mount Sinai Settles Web Tracker Lawsuit for $5.26 Million
Avoid the mistake Mount Sinai Health System made by preventing website pixel trackers from disclosing patient data to third parties.
thehipaaetool.com
August 27, 2025 at 1:20 PM
Website pixel trackers in healthcare may violate #HIPAA and other privacy laws. The use of website trackers also invites class action lawsuits. thehipaaetool.com/mount-sinai-...
#HIPAA enforcement continues strong. Avoid the hassles and expense of an investigation by getting compliance in order. Start with a HIPAA risk analysis. thehipaaetool.com/hipaa-compli...
HIPAA Compliance Prevents Costly Investigations
Avoid costly audits and investigations with strong HIPAA compliance. OCR enforcement is focused on Risk Analysis and ransomware prevention.
thehipaaetool.com
August 19, 2025 at 6:16 PM
#HIPAA enforcement continues strong. Avoid the hassles and expense of an investigation by getting compliance in order. Start with a HIPAA risk analysis. thehipaaetool.com/hipaa-compli...
UnitedHealth Group faces Senators' questions (again) about its failures to protect #patientprivacy. #HIPAAcompliance #HIPAASecurityRule thehipaaetool.com/unitedhealth...
UnitedHealth Group is Back in the Spotlight
The UnitedHealth Group is facing questions from Congress about whether its cybersecurity practices adequately protect patient information.
thehipaaetool.com
August 12, 2025 at 12:37 PM
UnitedHealth Group faces Senators' questions (again) about its failures to protect #patientprivacy. #HIPAAcompliance #HIPAASecurityRule thehipaaetool.com/unitedhealth...
#Meta violated consumer privacy, according to a jury verdict in a federal class action lawsuit. Flo Health and Google, also defendants in the case, settled before the case was decided. thehipaaetool.com/jury-found-m...
Jury Found Meta Violated Privacy of Flo Health Users
A jury decided that Meta violated California privacy law by using consumers' private health information for commercial purposes without consent.
thehipaaetool.com
August 6, 2025 at 2:10 PM
#Meta violated consumer privacy, according to a jury verdict in a federal class action lawsuit. Flo Health and Google, also defendants in the case, settled before the case was decided. thehipaaetool.com/jury-found-m...
Healthcare fraud is on the rise, warns the FBI. Patients and providers should remain vigilant and learn how to fight back. thehipaaetool.com/fbi-warns-of...
Beware of Alarming Healthcare Fraud Risks
High-pressure tactics are fueling healthcare fraud attacks on patients and providers. Learn how to recognize and fight back against cybercrime.
thehipaaetool.com
July 1, 2025 at 1:36 PM
Healthcare fraud is on the rise, warns the FBI. Patients and providers should remain vigilant and learn how to fight back. thehipaaetool.com/fbi-warns-of...
One judge, one decision, vacates the 2024 #HIPAA Reproductive Health modifications to the Privacy Rule. Effective immediately, nationwide, as of June 28, 2025. thehipaaetool.com/judge-vacate...
Texas Judge Vacates HIPAA Reproductive Health Rule
The HIPAA reproductive health rule, which strengthened privacy related to reproductive health, has been vacated. The decision applies nationwide.
thehipaaetool.com
June 25, 2025 at 4:10 PM
One judge, one decision, vacates the 2024 #HIPAA Reproductive Health modifications to the Privacy Rule. Effective immediately, nationwide, as of June 28, 2025. thehipaaetool.com/judge-vacate...
HIPAA's #PrivacyRule changes protecting reproductive rights have been vacated nationally by a Federal District court in Texas. #privacyrights #reproductiverights
www.hklaw.com/en/insights/...
www.hklaw.com/en/insights/...
HIPAA's Reproductive Health Rule Is Vacated Nationally | Insights | Holland & Knight
www.hklaw.com
June 23, 2025 at 1:50 PM
HIPAA's #PrivacyRule changes protecting reproductive rights have been vacated nationally by a Federal District court in Texas. #privacyrights #reproductiverights
www.hklaw.com/en/insights/...
www.hklaw.com/en/insights/...
Today is a good day to change your passwords, especially on major platforms like banks, investments, insurance, and healthcare. www.merca20.com/password-lea...
Password Leak: What We Know About the Massive 2025 Data Breach
In a stunning revelation that has shocked cybersecurity circles, researchers have warned of one of the largest data breach in history
www.merca20.com
June 20, 2025 at 4:06 PM
Today is a good day to change your passwords, especially on major platforms like banks, investments, insurance, and healthcare. www.merca20.com/password-lea...
Paula Stannard has no learning curve, with a deep background in health privacy and security, and a thorough knowledge of #HIPAA www.healthcareinfosecurity.com/hhs-names-ne....
HHS Names New Director for HIPAA Enforcement Agency
The U.S. Department of Health and Human Services has named Paula Stannard to lead its HIPAA enforcement agency - the Office for Civil Rights. Stannard was a legal
www.healthcareinfosecurity.com
June 6, 2025 at 11:45 AM
Paula Stannard has no learning curve, with a deep background in health privacy and security, and a thorough knowledge of #HIPAA www.healthcareinfosecurity.com/hhs-names-ne....
When a cyber incident hits, your response is only as strong as your communication. 🔒
In "Critical Considerations for Communication in Cyber Incidents," Marianne Kolbasuk McGee shares expert guidance on building a proactive, transparent communication strategy.
Read the full article: bit.ly/437aB1G
In "Critical Considerations for Communication in Cyber Incidents," Marianne Kolbasuk McGee shares expert guidance on building a proactive, transparent communication strategy.
Read the full article: bit.ly/437aB1G
Critical Considerations for Communication in Cyber Incidents
With highly sensitive information and disruptions to medical care at stake during cyberattacks on healthcare organizations, it's vital for these entities to
bit.ly
June 3, 2025 at 10:10 PM
When a cyber incident hits, your response is only as strong as your communication. 🔒
In "Critical Considerations for Communication in Cyber Incidents," Marianne Kolbasuk McGee shares expert guidance on building a proactive, transparent communication strategy.
Read the full article: bit.ly/437aB1G
In "Critical Considerations for Communication in Cyber Incidents," Marianne Kolbasuk McGee shares expert guidance on building a proactive, transparent communication strategy.
Read the full article: bit.ly/437aB1G
Large third-party vendors in healthcare face significant risks when they fail to safeguard patient privacy. thehipaaetool.com/aln-medical-...
ALN Medical Management Reveals HIPAA Breach Risks
Revenue cycle management firms in healthcare are key targets for cybercriminals looking for large troves of valuable patient information.
thehipaaetool.com
June 3, 2025 at 6:04 PM
Large third-party vendors in healthcare face significant risks when they fail to safeguard patient privacy. thehipaaetool.com/aln-medical-...